The Personal Information Protection Commission said that Coupang reported at about 4:02 p.m. on the 5th that it had confirmed, during a check of the delivery-address list, an additional personal information leak beyond the existing 33.7 million member accounts.
The additionally leaked information is delivery-address data entered by users of 165,455 accounts, and includes sensitive information such as names, phone numbers and addresses. Under the current Personal Information Protection Act, a personal information controller must notify the data subject immediately upon recognizing a leak.
The Personal Information Protection Commission said it plans to rigorously verify the details of Coupang's additional leak during the investigation. It added that, together with the public-private joint investigation team, it is investigating the precise scope and circumstances of the leak, including not only Coupang member accounts but also nonmembers.
The additionally leaked accounts were reportedly identified during the government joint investigation team's inspection of internal systems and servers.
Earlier, in Dec. last year, Coupang announced the results of its own investigation, saying, "(The person who leaked the information) accessed the basic customer information of 33 million customer accounts but saved only the customer information of about 3,000 accounts."